样本[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

样本.7z
Size

439KB
MD5

af56ad8009c61eb56d2e50a57dfe169d
SHA1

f351f2d4f53112e5f7311359fa5c28d72f339b3c
SHA256

6d9e631f588cfd95c6c3d331d0da68f859ec9732c2d7108bbc1aed7a158add83
SHA512

5e7a776a67152fa03d38374777bb4b4ec214ff4cfde5031a2ba87689d5cbb66d6e78786151e7c4b41ccaeb2b9037c37cf79dc61a27142244cd4d221428b6d3ad
SSDEEP

6144:H/2SD5Wuc2tmWOCd2k4IenrF07RGkUqt1n0r0JWdYmX/cCmf6kRv47qimdax:f/D5jtROMD4LCVG/qtJ07dbvcj6QwqiP

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/样本/RLhuVc.exe
unpack001/样本/mscoree.dll

Files

样本.7z
.7z
样本/RLhuVc.exe
.exe windows:5 windows x86 arch:x86

d5d24961912c093d9f898b2d349daff6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent2\work\f25946ab0e58f7d5\v3\bin\Release\MBlauncher.pdb

Imports

kernel32

LocalFree
FreeLibrary
InterlockedDecrement
LocalAlloc
SetCurrentDirectoryW
FormatMessageW
CreateProcessW
CloseHandle
GetModuleFileNameW
CreateFileW
WriteConsoleW
GetProcAddress
GetLastError
GetFullPathNameW
LoadLibraryW
DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
SetLastError
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetStringTypeW
GetProcessHeap

user32

MessageBoxW

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey

oleaut32

SafeArrayPutElement
SafeArrayCreateVector
SafeArrayDestroy
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
样本/ffff.lop
样本/ffff.pol
样本/mscoree.dll
.dll windows:6 windows x86 arch:x86

0986ee100b9277b4d1503d41cc8367e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
GetCurrentProcess
CreateMutexA
LocalAlloc
Sleep
GetLastError
CreateFileA
LoadLibraryA
CloseHandle
K32GetModuleInformation
VirtualProtect
VirtualAllocEx
LocalFree
GetFileSize
ExitProcess
ReadProcessMemory
GetProcessHeap
FreeLibrary
K32EnumProcessModules
GetComputerNameA
WriteConsoleW
WriteProcessMemory
GetModuleFileNameA
HeapAlloc
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetModuleHandleExW
GetModuleFileNameW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
DecodePointer

Exports

Exports

CLRCreateInstance

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5d24961912c093d9f898b2d349daff6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 296B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

0986ee100b9277b4d1503d41cc8367e7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 296B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 4KB - Virtual size: 3KB